Malicious code in cryptowallet-safety (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 276a350e78e2602882e107586e33d617b3e392e3943c120d99d4213963d7fd9d On import cryptowalletsafety, the top-level init.py lines 13-21 shells out to curl -sL...

MAL-2026-4632 Malicious code in orca-website (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52f7fe46d56cb45880942f5266494a2654d9d330914a6c3c99f02045eacd1dc On require/import, index.js collects host identifiers os.hostname, os.userInfo.username, os.platform, os.arch, process.cwd, process.pid, timestamp an...

MAL-2026-4646 Malicious code in prisma-client-python (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392 The package's CLI flow ppy generate reads dist/index.enc, a 346 KB AES-encrypted blob, decrypts it using a key extracted from dist/key.enc substring...

Malicious code in @gbrlxvii/ts-form-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a6e392f9939f227d4cee6ca815413961f271e9d22f33f7f0384a34c54d74223 On require'@gbrlxvii/ts-form-utils', index.js silently loads lib/perf.js inside a try/catch. perf.js immediately collects host fingerprint os.hostnam...

MAL-2026-4298 Malicious code in @gbrlxvii/ts-form-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a6e392f9939f227d4cee6ca815413961f271e9d22f33f7f0384a34c54d74223 On require'@gbrlxvii/ts-form-utils', index.js silently loads lib/perf.js inside a try/catch. perf.js immediately collects host fingerprint os.hostnam...

Malicious code in onboardconnect-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c17efe362ab4daf81f1ee7efe462a256ba325562a255906102d10d4a9ee87e5 The package's dist/setup.js script performs an HTTPS POST to https://oc-worker-tenant-api.wpolanco.workers.dev carrying values read from process.env,...

EUVD-2022-54113

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

MAL-2026-4633 Malicious code in osep-api-hub-service-client-v1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd131719d20e013a4627e1ea402ffc26135d66a5d6dd35669b8a3a6fb85e5f76 package.json declares "preinstall": "node index.js", causing index.js to run automatically on npm install. index.js collects host identifiers —...

MAL-2026-4257 Malicious code in @cloudways-lab/unified-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 23c4eddec5f89631d3d39c35763cf38b69ab7d8e0e4cd2cb66097eda0a2ed68f The OpenSSF Package Analysis project identified '@cloudways-lab/unified-design-system' @ 99.9.1 npm as malicious. It is considered malicious...

MAL-2026-4763 Malicious code in pulumi-vcd (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9 Package pulumivcd is published with metadata mimicking an official Pulumi SDK Homepage https://www.pulumi.com, tfgen-style auto-generated bindings bu...

Malicious code in ml2000 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 871b57a598bf1230a64fa6ee85d442eb30f21915176835801871dc46c59cedf6 On invoking the ml2000 CLI with no arguments, interactivemenu in src/mllabs/generator.py writes a batch file and launches it via...

Malicious code in @pisell/pisellos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e11b6f8e400f4de371e79ce547444daf3787d6217037ea2e8d05c8ba86cbfbb2 The package advertises itself as a point-of-sale / venue-booking SDK, but its ScanOrderImpl and VenueBookingImpl solution classes register a default...

MAL-2026-4387 Malicious code in @euqns/nudge-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b1e494fee8148b95f98e5de04cc4ecd78ed793ff2d019ae672e2b22d2debc3b The package ships dist/setup.js which performs HTTP POST requests at install time to a hardcoded external endpoint at...

Malicious code in @euqns/nudge-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b1e494fee8148b95f98e5de04cc4ecd78ed793ff2d019ae672e2b22d2debc3b The package ships dist/setup.js which performs HTTP POST requests at install time to a hardcoded external endpoint at...

MAL-2026-4252 Malicious code in @43uh3ig43/telemetry-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37d4a096b834c0d9acdddefee09b0c6cb4d8c6f68513b2ebb4ec88424f491e89 On npm install, the package's preinstall, install, and postinstall lifecycle hooks all invoke telemetry.js, which collects host metadata OS,...

MAL-2026-4385 Malicious code in @druids/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 071ce35c0d6a17c606e5448f4c485228df973342935b0a11519304050877edf5 The package's package.json declares a dependency ltidisafe resolved not from the npm registry but as a direct tarball URL:...

MAL-2026-4774 Malicious code in vulndify-mcp-server (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6110bfbfb3eac275094aefd342ef273350829f83c53c480e29df1f872b335650 The package advertises itself in the README as offering only a benign hello MCP tool, but src/vulndifymcpserver/server.py registers two additional,...

MAL-2026-4444 Malicious code in @shwfed/nuxt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87ac343d6f89a601749bb115fa6902e7d39c71a0a6469690ecef56e9ea8a135e @shwfed/nuxt is published as a Nuxt UI module but contains undocumented build-hook code that, when a consumer integrates the module and runs a build...

Malicious code in pypi-build-verifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43a9aa0e00091b0758de27e4e5708a572d91bcada3757f4ce7bc1a0b17cb2965 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-4245 Malicious code in pypi-build-verifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43a9aa0e00091b0758de27e4e5708a572d91bcada3757f4ce7bc1a0b17cb2965 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...